Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | The option struct needs to be terminated, otherwise ip{,6}tables | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-30 | 2 | -0/+2 | |
| | | | | | | will access illegal memory in merge_options(). Signed-off-by: Jan Engelhardt <jengelh@gmx.de> | |||||
* | Remove the .next=NULL field. This is automatically initialized to zero. | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-30 | 50 | -71/+2 | |
| | | | | | | | I've kept .print=NULL and .save=NULL so it stands out (since iptables will do the print/save then). Signed-off-by: Jan Engelhardt <jengelh@gmx.de> | |||||
* | Make xtables_target->extra_opts const (xtables_match->extra_opts already is) | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-30 | 1 | -1/+1 | |
| | | | | Signed-off-by: Jan Engelhardt <jengelh@gmx.de> | |||||
* | Changes permissions of test scripts of dccp, string, and quota match | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 3 | -0/+0 | |
| | ||||||
* | Unifies libip[6]t_NFQUEUE.c into libxt_NFQUEUE.c | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 4 | -135/+39 | |
| | ||||||
* | Unifies libip[6]t_SECMARK.c into libxt_SECMARK.c | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 3 | -132/+33 | |
| | ||||||
* | Unifies libip[6]t_TCPMSS.c into libxt_TCPMSS.c | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 5 | -171/+81 | |
| | ||||||
* | Add IPv6 support to comment match | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 4 | -35/+52 | |
| | ||||||
* | Add IPv6 support to dccp match. | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 3 | -60/+78 | |
| | ||||||
* | Add IPv6 support to dscp match. | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 4 | -41/+58 | |
| | ||||||
* | Unifies libip[6]t_esp.c into libxt_esp.c | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 7 | -254/+53 | |
| | ||||||
* | Unifies libip[6]t_length.c into libxt_length.c | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 6 | -185/+40 | |
| | ||||||
* | Unifies libip[6]t_limit.c into libxt_limit.c. | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 5 | -249/+51 | |
| | ||||||
* | Unifies libip[6]t_mac.c into libxt_mac.c | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 4 | -154/+40 | |
| | ||||||
* | Unifies libip[6]t_physdev.c into libxt_physdev.c | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 6 | -295/+97 | |
| | ||||||
* | Add IPv6 support to pkttype match | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 4 | -22/+38 | |
| | ||||||
* | Add IPv6 support to quota match | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 2 | -6/+22 | |
| | ||||||
* | Unifies libip[6]t_sctp.c into libxt_sctp.c | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 5 | -588/+50 | |
| | ||||||
* | Unifies libip[6]t_standard.c into libxt_standard.c | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 3 | -74/+27 | |
| | ||||||
* | Unifies libip[6]t_tcp.c into libxt_tcp.c. | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 3 | -447/+49 | |
| | ||||||
* | Add IPv6 support to tcpmss match | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 4 | -23/+40 | |
| | ||||||
* | Unifies libip[6]t_udp.c into libxt_udp.c | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 4 | -249/+76 | |
| | ||||||
* | Unifies libip[6]_mark.c into libxt_mark.c | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 4 | -135/+19 | |
| | ||||||
* | Use unified API in libipt_mark.c | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 3 | -18/+19 | |
| | ||||||
* | Add IPv6 support to string match | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 1 | -0/+16 | |
| | ||||||
* | Moves libipt_string.c to libxt_string.c | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 3 | -2/+3 | |
| | ||||||
* | Use unified API in string match | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 1 | -20/+21 | |
| | ||||||
* | Unifies libip[6]t_multiport.c into libipxt_multiport.c | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 5 | -524/+86 | |
| | ||||||
* | Moves libipt_multiport.c to libxt_multiport.c | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 2 | -2/+2 | |
| | ||||||
* | Splits ipt_multport into family dependent parts and others | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 1 | -34/+68 | |
| | ||||||
* | Use unified API in multiport match | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 2 | -46/+80 | |
| | ||||||
* | Add IPv6 support to NOTRACK | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 1 | -0/+16 | |
| | ||||||
* | Renames libipt_NOTRACK.c to libxt_NOTRACK.c | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 2 | -1/+2 | |
| | ||||||
* | Use unified API in NOTRACK target. | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 1 | -16/+15 | |
| | ||||||
* | Moves all declarations in iptables_common.h to xtables.h. | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 6 | -41/+32 | |
| | ||||||
* | Installs libxt_*.so to DEST_IPT_LIBIDR and link libip[6]t_*.so to it. | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 1 | -0/+26 | |
| | ||||||
* | Introduces DEST_IPT_LIBDIR to simplify $(DESTDIR)$(LIBDIR)/iptables | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 2 | -8/+10 | |
| | ||||||
* | Fixes warning on compilation, part 2 | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 6 | -29/+46 | |
| | | | | | | | | | | This changes the type of arguments as follows in multiport, DNAT, SNAT, MASQUERADE, and REDIRECT - ip[6]t_ip[6] * -> void * - ip[6]t_entry * -> void * and adds lines to cast these pointer with intended type. | |||||
* | Fixes warning on compilation of ip6tables matches/targets | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 36 | -107/+107 | |
| | | | | | | This changes the type of arguments as follows - ip6t_ip6 * -> void * - ip6t_entry * -> void * | |||||
* | Fixes warning on compilation of iptables matches/targets | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 60 | -177/+177 | |
| | | | | | | | | | This changes the type of arguments as follows - ipt_ip * -> void * - ipt_entry * -> void * This patch doesn't change multiport, DNAT, SNAT, MASQUERADE, REDIRECT because these need more changes (casting void * variable with intended type) | |||||
* | Replaces ip6t_entry_* with xt_entry_* in matches/targets | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 34 | -128/+127 | |
| | ||||||
* | Replaces ipt_entry_* with xt_entry_* in matches/targets | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 64 | -237/+237 | |
| | ||||||
* | Moves IPPROTO_* and IP[6]T_LIB_DIR definitions to xtables.h | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 3 | -22/+16 | |
| | ||||||
* | Moves some duplicated functions in ip[6]tables.c to xtables.c | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 7 | -230/+120 | |
| | | | | | string_to_number_ll, string_to_number_l, string_to_number, service_to_port, parse_port, parse_interface, are moved. | |||||
* | Introduces xtables match/target registration | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 11 | -875/+728 | |
| | | | | | | | | | | | | | | | | | | | | | | | - moves lib_dir to xtables.c - introduces struct pfinfo which has protocol family dependent infomations. - unifies load_ip[6]tables_ko() and moves them as load_xtables_ko() - introduces xt_{match,match_rule,target,tryload} and replaces ip[6]t_* with them - unifies following functions and move them to xtables.c - find_{match,find_target} - compatible_revision, compatible_{match,target}_revision - introduces xtables_register_{match,target} and make register_{match,target}[6] call them. xtables_register_* register ONLY matches/targets matched protocol family Some concepts: - source compatibility for libip[6]t_xxx.c with warning on compilation not binary compatibility. - binary compatibility between 2.4/2.6 kernel and iptables/ip6tables, of cause. - xtables is enough to support only one address family at runtime. Then xtables keeps infomations of only the focused address famiy in struct afinfo. | |||||
* | Moves ip[6]tables_insmod() to xtables.c as xtables_insmod() | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 8 | -167/+94 | |
| | ||||||
* | Moves common fw_malloc() and fw_calloc() to xtables.c | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 4 | -48/+35 | |
| | ||||||
* | Adds xtables.[ch] and change Makefile to compile it | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 3 | -7/+30 | |
| | ||||||
* | [PATCH] iptables-xml | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-07-17 | 3 | -3/+117 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Attached are: 1. A man page for iptables-xml 2. A fix for iptables.xslt allowing for an arbitrary depth of arguments or modifiers. Although iptables-xml cannot generate more than two levels deep, xml generated by other systems may prefer to generate <action> <restore-mark> <mask>0xff00</mask> </restore-mark> </action> than <action> <restore-mark/> <mask>0xff00</mask> </action> (which is what iptables-xml generates) even though the same iptables is re-generated on conversion. 3. A fix for iptables-xml.c so that combining of consecutive targets of rules with the same match into one XML rule, will not combine over a terminating action; i.e. there is no point in converting -A table -p tcp -j DROP -A table -p tcp -j MARK --set-mark 25 -A table -p tcp -j RETURN into one XML rule with multiple actions as they are probably not logically combined in the mind of the author. Signed-off by: Sam Liddicott <azez@ufomechanic.net> | |||||
* | Ignore generated files | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-07-16 | 0 | -0/+0 | |
| |